Private and Public Issue Fields
In YouTrack, you can mark a custom field as Private. Privacy is set by the Private field property, which you can set when you create or edit a custom field.
For private fields, an extra set of permissions determines whether a user can read or update the field.
If the field is private, users must have permission to Read Issue Private Fields and Update Issue Private Fields in the project, respectively.
For public fields, users only need to have Read Issue and Update Issue permissions.
An issue reporter only needs to have the Create Issue permission to read public fields in the issues that they report themselves.
The following use case describes this concept in more detail.
Use Case for Private Fields
Assume that your company has deployed a software installation for an external client. You want members of the client organization to be able to log in to YouTrack and create issues, but only want them to view and update specific fields, such as Priority and Affected version and add and view attachments.
Other fields, like State, Type, Assignee, and Fix version should only be visible to your internal developers.
To support this use case:
Create a new project for the client.
Add your developers to the project team. This grants these users the Contributor role in the new project and adds them to the list of assignees automatically. By default, the Contributor role is granted Read Issue Private Fields and Update Issue Private Fields permissions. If you have edited the set of permissions for the default Contributor role, you can create a custom role for project developers that grants them permission to view and edit private fields.
Create a group for members of the client organization and assign them the default Reporter role for the project. Make sure that the role does not have permission to Read Issue Private Fields and Update Issue Private Fields.
Now, mark the necessary fields as private. In this case, the fields are Type, Assignee, and Fix version, which are intended for developers only. The State field is marked as private by default.
Note that there are a few limitations to this solution. Users can either read and/or update all private custom fields in a project or none of them.
If, for example, you want clients to view, but not update, the State field, you can grant the Read Issue Private Fields permission to the Reporter role. However, your clients are also able to read (but not update) other private fields in the project.
To manage more complex use cases for custom fields, use a workflow. For more information, see Prevent Unwanted Updates.
Make a Field Private
If you have the same scheme for all your projects (for example, you want to restrict access to issue fields in all projects, as described in our use case), then you can make the shared field private. If your projects differ significantly from each other, project administrators can configure these settings independently. For more information, see Private Custom Fields.
The global privacy setting only affects the initial state for new projects to which the field is attached automatically and existing projects to which the field is attached manually. The privacy settings for existing projects to which the field is already attached are not affected. A project administrator can override the initial privacy setting at any time.
To make a field private by default:
From the Administration menu, select Custom Fields.
Switch to the Fields List tab.
Select the field or fields that you want to make private.
Click the Make private button in the toolbar.
When attached to a project, the updated fields are only visible to users who have the Read Issue Private Fields permission.
Only users who have the Update Issue Private Fields permission can change the value for the custom fields in projects that retain the privacy setting.
The custom fields are shown with a key icon before the field name in the list.
To reverse this action, select the fields and click the Make public button in the toolbar.